Endpoint Data Security Gaps Pose Significant Risks

Organizations must prioritize endpoint data security to effectively manage the growing risks posed by remote work, sophisticated cyber threats, and regulatory requirements, a new report finds.
June 7, 2024

Endpoint data security has become an urgent concern for organizations globally, as data sprawl, remote work, and advanced cyberattacks pose increasing risks that conventional security measures often fail to mitigate, according to a recent survey by the SANS Institute on behalf of Crash Plan Group.

The generation, accumulation, and storage of enormous amounts of data — known as data sprawl — is making it increasingly difficult for organizations to effectively implement data governance policies and practices.

“This can be especially difficult when data is stored and processed on user endpoints. These endpoints — any device by which a user accesses an organization’s networks, applications, or data — take the form of an extraordinary and ever-expanding range of devices, from laptops to tablets to smartphones, and may be personally owned and, as such, less effectively managed than the organization’s devices,” the report’s authors stated.

The shift to remote and hybrid work models has further complicated the issue of data sprawl. With employees frequently working outside the physical control of the organization, many companies are facing visibility gaps when it comes to monitoring these devices off-network.

As a result, the risk of data breaches and other security incidents has increased significantly. Organizations are struggling to maintain control over their data as it spreads across a growing number of endpoints, many of which are beyond their direct oversight, according to the survey. This lack of visibility and control is leaving sensitive information vulnerable to unauthorized access, theft, and misuse, according to the report.

Gaps Between Security Policies and Practices

Most organizations recognize the risks of storing sensitive data on endpoints, with clear majorities having policies in place to prohibit the practice. The survey found that 62% prohibit storing personally identifiable information (PII) on endpoints, and 56% have deployed technical controls to enforce this policy. However, the reality falls short of the ideal: 55% of organizations still report having some PII data stored in files on endpoints.

This trend holds true across other sensitive data types as well. For example, 57% prohibit storing intellectual property (IP) data on endpoints, with 54% having technical controls for enforcement, yet 57% report some IP data residing on endpoints. Similarly, 56% forbid storing financial data on endpoints and 57% have controls to prevent it, but 53% acknowledge the presence of financial data on endpoints.

The obvious conclusion is that having policies and technical controls in place is not enough, the report noted. Organizations must work to align their security practices with their business needs, ensuring that the reality on the ground matches the policies on paper. This may require changes — with end user input — to both policies and approaches.

When it comes to the perceived risks from endpoint data security failures, operational risk tops the list for data damage or deletion scenarios, the survey found.

“Interestingly, the risk most commonly reported as resulting from data damage or deletion was ‘operational,’ taking precedence over ‘financial,’ ‘compliance,’ ‘reputational,’ ‘strategic,’ or ‘legal’ risk,” the report’s authors noted. “The picture changes, however, when the issue is risk resulting from inappropriate data exposure. Then the most important risk is identified as ‘reputational,’ showing a clear concern for reputational impact even among non-management, security-focused respondents.”

Closing these gaps between endpoint data security policies and practices will require organizations to first understand the reasons behind the discrepancies, the report noted. While updating policies and controls may be necessary, such measures can be ineffective or even counterproductive if not aligned with the organization’s business needs, risk tolerance, and users’ operational requirements.

“Regardless of policies, users are always going to work in the ways that they find fastest and easiest. Organizations need to consider the business needs that are driving users to store data on their local devices and take a human-centric approach to solving the problem. That means designing and using systems that make it easier for users to safeguard data than to expose it,” said Todd Thorsen, chief information security officer for CrashPlan. “The gaps driving risk to PII, IP, financial, and other types of data within day-to-day practices must be closed.”

To view the complete survey, visit the Crash Plan Group website.

The R&I Editorial Team can be reached at [email protected].
